Threats, Issues, and Risks

Inexperienced project managers often make the mistake of confusing threats, issues, and risks. A threat is a potential hazard, such as dropping your phone in the water. A threat is not in itself a risk. A risk is the probability that the threat will be realized times the consequences.

On the other end of the uncertainty spectrum are issues, which are known potential problems that the project team will definitely have to keep an eye on. For example, the mere possibility of exceeding a project's budget is not a risk. It's a well-known issue associated with any project; part of managing the project is managing the budget. But if your particular project involves extensive use of copper wiring, then an increase in the price of copper is a direct threat to your project's success, and the associated risk is the probability of higher copper prices times the consequences of such an increase. Team members cannot control the price of copper; it is a risk that you'll have to respond to, making decisions in response to the changing situation.

Risk expert Carl Pritchard distinguishes between risks and issues as follows: "A risk is out there in the future, and we don't know if it is going to happen; but if it does happen it will have an impact. Issues are risks realized. They are the risks whose time has come, so to speak". That's not to say that all issues used to be risks. And some things can be issues at an organizational level but still risks when it comes to your particular project. Pritchard explains:

An issue in your organization may be that management changes its mind…. If your management is constantly changing their minds, time and time and time again – that's an issue. But for your particular project, they haven't changed their mind yet. So for your project it's still a risk. It's a future phenomenon, because it hasn't happened to you yet. You're anticipating that eventually it will become an issue. But for now, at least, it's still out there in the future.

Table 8-1 compares issues, threats, and risks on different projects.

| Project | Issue | Threat | Risk |
|---|---|---|---|
| Developing a new cell phone | The phone must be released on schedule or consumers will consider it obsolete. | Introduction of new features in a competing product, which would necessitate adding the same feature to your product. | The probability that a competitor will introduce a new feature times the consequences in time and money required to remain competitive. |
| Constructing a sea wall | The sea wall must be resilient even if exposed to the most severe storm surge that can be anticipated given our current knowledge. | Rising sea levels caused by climate change make it hard to predict the future meaning of the words "the most severe storm surge". | The probability of sea levels rising higher than the sea wall times the monetary and safety consequences of flooding. |
| Constructing an addition to a clinic | Cost of capital has a significant impact on capital project decision-making. | The Federal Reserve raises interest rates, increasing the cost of borrowing money for the project. | The probability of rising interest rates times the increase to overall project cost if interest rates do go up. |

Table 8-1. Distinguishing between issues, threats, and risks

The Fine Art of Perceiving Risk

A quick perusal of recent articles published in Risk Management magazine hints at the vast array of risks facing modern organizations. If you were asked to generate your own list, you might include environmental disasters, financial setbacks, and data theft as obvious risks. But what about the more obscure dangers associated with patent translations or cyber extortion?

The following examines a few varieties of issues and related risks you might not have considered. Can you think of any issues and risks specific to your industry that you would add to this list?

  • Human capital: Turnover among team members is an inevitable issue on long-running projects. People will come and go, and you have to be prepared to deal with that. But some forms of turnover go beyond issues and are in fact real risks. For example, one human capital risk might be loss of a key manager or technical expert whose relationship with the client is critical to keeping the contract. Team members behaving unethically is another human capital risk. Suppose a member on a highway construction project is fired for taking a bribe. This could have effects that ripple through the entire team for a long time to come. Team members might feel that their professional reputations are at risk, or they might decide that the team's manager is not to be trusted. Once team cohesion begins to crumble in this way, it can be hard to put things back together. Other human capital issues include catastrophic work events and negligent hiring practices. For example, the 2013 launch of HealthCare.gov failed, in part, because the project team lacked software developers with experience launching a vast, nationwide website. Meanwhile, departures of vital staff members at the agency responsible for overseeing the insurance marketplace also hampered progress. These unidentified human capital risks brought the project to a standstill. It was ultimately saved by a "hastily assembled group of tech wizards" with the know-how required to get the website up and running.
  • Marketing: Project management teams often struggle to communicate with an organization's marketing department. Rather than drawing on the marketing department's understanding of customer needs, project teams often prefer to draw on their own technological know-how to create something cool, and then attempt to push the new product onto the market. But this can be a disaster if the new product reaches the market without the support of a fine-tuned marketing campaign. This is especially true for innovative products. For example, product developers might focus on creating the most advanced hardware for a smart thermostat, when in fact customers primarily care about having a software interface that's easy to use. As in many situations, a pull approach – asking the marketing department to tell your team what the market wants – is often a better option. Of course, this necessitates a good working relationship with the marketing department, which is not something you can establish overnight. Sometimes a marketing risk takes the form of a product or service that only partly serves the customer's needs. For example, one of the many problems with the rollout of the HealthCare.gov website, in 2013, was a design that "had capacity for just a fraction of the planned number of consumers who could shop for health plans and fill out applications".
  • Compliance: In many cases, you'll need to make sure your project complies with "rules, laws, policies, and standards of governance that may be imposed by regulatory bodies and government agencies". Indeed, some projects are exclusively devoted to compliance tasks and can "range from implementation of employment laws to setting up processes and structures for meeting and reporting statutory tax and audit requirements to ensuring compliance with industry standards such as health and safety regulations". In any arena, the repercussions of failing to follow government regulations can be extreme. Ensuring compliance starts with learning what regulations apply to your particular project and staying up-to-date on changes to applicable laws. Keep in mind that safety concerns can evolve quickly, as was the case with Samsung's Galaxy Note 7 phone; millions of phones had to be recalled and the company's new flagship smartphone scrapped after lithium-ion batteries caused devices to catch fire.
  • Sustainability: Although businesses have always had to deal with issues associated with the availability of natural resources, in the past they rarely questioned the validity of a business model that presumed the consumption of vast amounts of natural resources. But as scientists provide ever more startling evidence that endless economic growth is not a realistic strategy for the human race, businesses have had to focus on issues related to sustainability if they want to survive. For one thing, people increasingly want to work for organizations they perceive as having a serious commitment to sustainability. Indeed, the need to recruit top talent in the automotive world is one motivation behind the on-going transformation of Ford's Dearborn, Michigan campus into a sustainability showcase. Meanwhile, Ford's $11 billion investment in electric vehicles is a bid to remain viable in foreign markets that have more stringent sustainability requirements than the United States. A report on sustainability risks by Wilbury Stratton, an executive search firm, lists some specific sustainability risks:

Social responsibility risks that threaten the license to operate a mining operation, risks tied to perceptions of over-consumption of water, and reputational risks linked to investments in projects with potentially damaging environmental consequences…. Additional trends in sustainability risk include risks to financial performance from volatile energy prices, compliance risks triggered by new carbon regulations, and risks from product substitution as customers switch to more sustainable alternatives.

  • Complexity: Complex projects often involve risks that are hard to identify at the outset. Thus, complex projects often require a flexible, adaptable approach to risk management, with the project team prepared to respond to new risks as they emerge. Complex projects can be derailed by highly detailed plans and rigid controls which can "lock the project management team into an inflexible mindset and daily pattern of work that cannot keep up with unpredictable changes in the project. Rather than reduce risk, this will amplify it and reduce [the team's] capacity to achieve [its] goals. The effort to control risk might leave the team trying to tame a tiger while stuck in a straitjacket". Agile was specifically developed to deal with the challenges associated with the kinds of complexity found in IT projects. Pull planning also offers advantages in complex environments, in part because it forces team members to communicate and stay flexible.

Perhaps the hardest risks of all to prepare for are the risks that your training and professional biases prevent you from perceiving in the first place. As an engineer, you are predisposed to identify technical risks. You might not be quite as good at recognizing other types of risks. In Chapter 1 of Proactive Risk Management, Preston G. Smith and Guy M. Merritt list some risks associated with a fictitious product. The list includes marketing, sourcing, regulatory, and technical risks. In summing up, the authors point out two essential facts about the list of risks: "First, it is specific to this project and market at this point in time. Second, it goes far beyond engineering items". Later in the book, in a chapter on implementing a risk management program, they have this to say about an engineer's tendency to perceive only technical risks:

Good risk management is cross-functional. If engineers dominate product development, you might consider letting engineering run project risk management. This is a mistake. If you assign risk management to the engineering department and engage only engineers to identify, analyze, and plan for risks, they will place only engineering risks on their lists.

How Team Members Perceive Risk

The role team members play in a project can hugely affect their perception of risk. According to David Hillson, a consultant and author of many books on risk, a project sponsor (upper management or the customer) and the project manager perceive things very differently:

  • The project manager is accountable for delivery of the project objectives, and therefore needs to be aware of any risks that could affect that delivery, either positively or negatively. Her scope of interest is focused on specific sources of uncertainty within the project. These sources are likely to be particular future events or sets of circumstances or conditions which are uncertain to a greater or lesser extent, and which would have some degree of impact on the project if they occurred. The project manager asks, "What are the risks in my project?"….
  • The project sponsor, on the other hand, is interested in risk at a different level. He is less interested in specific risks within the project, and more in the overall picture. Their question is "How risky is my project?"…. Instead of wanting to know about specific risks, the project sponsor is concerned about the overall risk of the project. This represents her exposure to the effects of uncertainty across the project as a whole.

These two different perspectives reveal an important dichotomy in the nature of risk in the context of projects. A project manager is interested in "risks" while the sponsor wants to know about "risk". While the project manager looks at the risks in the project, the project sponsor looks at the risk of the project.

Even when you think you understand a particular stakeholder's attitude toward risk, that person's risk tolerance can change. For example, a high-level manager's tolerance for risk when your organization is doing well financially might be profoundly different from the same manager's tolerance for risk in an economic downturn. Take care to monitor the risk tolerance of all project stakeholders – including yourself. Recognize that everyone's risk tolerances can change throughout the life of the project based on a wide range of factors.